At Women Leaders in Cybersecurity conference, security experts say a new approach to privacy legislation is needed

Election tampering, Facebook data harvesting, and other privacy breaches have stoked political and personal safety concerns and undermined faith in the cyber-structures that increasingly control modern life. What can individuals do to protect themselves against these attacks? And what amount of privacy are people willing to forfeit for increased security?

These and other questions were among the many discussed at the third annual Women Leaders in Cybersecurity conference, sponsored by the Center for Cybersecurity. This year’s conference, held on October 16, focused on the intersection of technology, privacy, and security and the ways they influence or are influenced by current legislation.

The first of two keynote addresses was given by Jeanette Manfra, National Protection and Programs Directorate assistant secretary for the Office of Cybersecurity and Communications for the US Department of Homeland Security. Manfra emphasized the need for private US companies and government organizations to work together, sharing information and strategy, to create a robust cyber defense as nimble and interconnected as the internet itself.

“The fact is that the internet was engineered for transparency, interoperability,” Manfra said. “And those are all wonderful things. It wasn't engineered for security.”

In a panel on strategic defenses and proactive safety measures, experts discussed roadblocks to successful defense. Edna Conway, chief security officer at Cisco, said that policymakers and legislators continue to conceptualize cyber defense as securing a physical border, but that approach fails to capture cyber’s non-physical complexities.

“We need to start to think about what we are defending as an integrated environment in which humans and devices—which are run by software—actually function. Then you begin to think about the defensive environment that is no longer a perimeter,” Conway said.

Andrea Limbago, chief social scientist at Endgame, said that ineffective legislation raises another hurdle in eradicating cybercrime. Because new law is usually created and implemented at a slow pace, it is often outstripped by increasingly sophisticated cybercrime, making the threat of punishment a weak deterrent for hackers.

“Sometimes when these cases are before the courts, you’ll have judges who are looking at sort of traditional legal doctrine and trying to apply the brick-and-mortar doctrine onto the cyber context and most times it’s not a perfect fit; sometimes it’s not even a good fit,” she said.

Current US and global laws also lack standardization regarding data protection, Limbago added. This makes privacy breaches, which are already hard to detect and attribute, very difficult to prosecute.

Micaela McMurrough, a partner at Covington & Burling and a former US Army intelligence officer, said that the best way to protect against cyber-threats is to practice basic “cyber hygiene.” This includes using two-factor authentication, implementing mandatory software updates, and using a variety of software, hardware, and cloud-based security measures so that data is protected against many types of attacks .

The final keynote was given by Sylvia Acevedo, former rocket scientist in NASA’s Jet Propulsion Laboratory and current chief executive officer of Girl Scouts. Before her address, Acevedo was presented with the 2018 Women Leaders in Cybersecurity Award by Claire Groden ’21, Cyber Scholar Laura Sorice ’19, and Cybersecurity Service Scholar Olivia Zhu ’20.

Acevedo, who is also a former executive at Apple and Dell and one of the first-ever Hispanic masters students at Stanford University, was honored for her encouragement of STEM (science, technology, engineering, and mathematics) skills in young girls. During her tenure at Girl Scouts, Acevedo has created programming and merit badges in robotics, engineering, coding, and cybersecurity, among others.

“While [Girl Scouts] represent 8 percent of the girl population, we represent an outsized impact,” Acevedo said. “When we took on cybersecurity, we realized that this was not just another science, technology, engineering, and math challenge. This was going to have the opportunity to train girls, whether or not in their life they ever code. It teaches them how to think about privacy, about individualism, about freedom, and about protection. And these are issues we’re only now beginning to really address.”